/**
 *
 */
package com.newer.config.shiro.filters;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authz.AuthorizationFilter;

/**
 * 自定义权限过滤方式
 *
 * @author 寻添俊
 * 2017年11月29日-下午8:03:00
 */
public class AnyPermissionsAuthorizationFilter extends AuthorizationFilter {

    /* (non-Javadoc)
     * @see org.apache.shiro.web.filter.AccessControlFilter#isAccessAllowed(javax.servlet.ServletRequest, javax.servlet.ServletResponse, java.lang.Object)
     */
    @Override
    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response,
                                      Object mappedValue) {
        Subject subject = getSubject(request, response);
        String[] perms = (String[]) mappedValue;

        boolean isPermitted = true;
        if (perms != null && perms.length > 0) {
            if (perms.length == 1) {
                if (!subject.isPermitted(perms[0])) {
                    isPermitted = false;
                }
            } else {
                for (String perm : perms) {
                    if (subject.isPermitted(perm)) {
                        return true;
                    }
                }
            }
        }

        return isPermitted;
    }
}
